[Samba] Samba over ssh ?
jonlists at cbsol.com
Fri Apr 1 06:19:27 GMT 2005
[snip other stuff]
> Thanks for your suggestion. I have installed openvpn and the lzo library
> which it depends.
> One nagging question that I still have is :
> Does using openvpn (or any VPN solution in general) obviate the need to
> these vulnerable ports ? The little documentation that I have read so
> talk a lot about encryption. While that is important, I also need to
> about the ports (strangely, the firewall does not open any of those
> nmap -P0 run on the machine reveals that these ports are open :
> 139/tcp open netbios-ssn
> 445/tcp open microsoft-ds )
> Anyways, another concern I have is that while I have the samba server up
> running and all my users are happy with it, how much disruption and user
> effort can I expect when I implement openvpn ? Like typical windows
> they value ease of use over security. Don't take me wrong, I will
> implement this if it contributes towards security, but I need to know
> be able to tell my users what to expect.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
Maybe I'm missing something, but wouldn't you want to place the VPN
connections between your firewall and the mobile/end user, but not on the
Samba server? I am assuming that you're not talking about the firewall on
your server itself, but your firewall on the Internet/public connection.
Those ports are particularly nasty because of the Windows operating system
on which they typically run, not because of problems on linux. There's
always the possibility of DOS attacks, or of some buffer overrun exploit
being discovered, but I believe the chances of those happening are far
less than your users being angry because you've tightened security to the
point it's difficult to use the network.
Creative Business Solutions
IBM, Microsoft, Novell/Suse, Sophos Consultants
More information about the samba